hash-and-url avoids IP fragementation, cert and crl fetch based on IPv6
[strongswan.git] / testing / tests / ipv6 / net2net-rfc3779-ikev2 / hosts / sun / etc / ipsec.conf
1 # /etc/ipsec.conf - strongSwan IPsec configuration file
2
3 config setup
4         strictcrlpolicy=no
5         crlcheckinterval=180
6         plutostart=no
7
8 ca strongswan
9         cacert=strongswanCert.pem
10         certuribase=http://ip6-winnetou.strongswan.org/certs/rfc3779/
11         crluri=http://ip6-winnetou.strongswan.org/strongswan_rfc3779.crl
12         auto=add
13
14 conn %default
15         ikelifetime=60m
16         keylife=20m
17         rekeymargin=3m
18         keyingtries=1
19         keyexchange=ikev2
20         mobike=no
21
22 conn net-net
23         also=host-host
24         leftsubnet=fec2::0/16
25         rightsubnet=0::0/0
26
27 conn host-host
28         left=PH_IP6_SUN
29         leftcert=sunCert.pem
30         leftid=@sun.strongswan.org
31         leftfirewall=yes
32         right=PH_IP6_MOON
33         rightid=@moon.strongswan.org
34         auto=add